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(57) In a program execution environment, an appli- 
cation program that was encrypted by using secret key- 
A is supplied to a decoding section 82, and publicized 
key-B and an encrypted publicized key-A (correspond- 
ing to secret key-A) that was encrypted by using secret 
key-B corresponding to publicized key-B are supplied to 
a decoding section 84. The decoding section 84 de- 
codes the encrypted publicized key-A by using publi- 
cized key-B and supplies a resulting publicized key-A to 



the decoding section 82. The decoding section 82 de- 
codes the encrypted application program by using pub- 
licized key that is supplied from the decoding section 84 
and supplies Java byte codes as a decoding result to a 
Java virtual machine 83. The Java virtual machine 83 
interprets and executes the Java byte codes that are 
supplied from the decoding section 82. As a result, it 
becomes possible to allow only programs developed by 
a legitimate software developer to be executed in a cer- 
tain program execution environment. 
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Description 

The present invention relates to an M*^*™ 
processing apparatus and method and a recording me- 
5um. in particular, the invention relates to an .nlorma- 
tion orocessing apparatus and method and a recording 

by a legitimate program developer to be executed in a 
certain program execution environment. 

Java (trademark o1 Sun Microsystems, Inc. 01 the 
USA) now attracts much attention because it is suita- 
ble , or the Internet that has spread rapidly in recen 
vears The term "Java" is used to reler to each ot the 
Java language which is an object-oriented language, a 
ia machine (hereinafter referred to as "Java virtua 
machine" where appropriate) that 
architecture suitable for execut.on of a prograrr e 
inafter referredtoas "Java program' where approp ate) 
written in the Java .anguage, and other elements , rrt£ 
ing to Java, or it is used as a genenc term of those^ The 
e?m "virtual machine" means a virtual machine ahat is 
assumed in implementing a language process 9 sys 
tern rather than a virtual machine that » used to cause 
a single computer to virtually behave to users as .1 it 
were a plurality of computers. 

A Java virtual machine is implemented on an actual 
(r eaJ computer so as to operate on an OS (operajng 
system) that is installed in the computer. On the other 
hand, a Java program is compiled into binary cedes that 
are constituted ot instruction sets of the Java vmual ma- 
chine The binary codes can be executed by any hard- 
ware in which the Java virtual machine can operate^ 
Therefore, a complied Java program can be executed 
onvaTtousplatformsas.ongastheJavavirtualmach.ne 

operates there. 

Based on the fact that a Java program can be exe 
cuted on any machine once a Java virtua. rnachin , » 
implemented, and other grounds, it is expected that the 
Sa virtual machine will spread to many users and 
many application programs will be developed and d s 
Uibuted (irrespective of whetherthey have to be pa,dfor 
or are free) to many such users. 

Under the above circumstances, there may occur a 
case that a party who has developed and distributed a 
p^ execution environment such as a Java virtual 
machine wants to restrict the distribution of an , apptaa- 
^on program that was developed by a third party and is 
execute" in such a program execution environment for 
example, the former party may want to permit retribu- 
tion of application programs to only l.censed parties 

On the other hand, in a Java virtual machine inter- 
mediate codes called byte codes (Java codes) that are 
obtained by compiling a Java program with a Java com- 
5E are interpreted and executed. Java byte codes can 
be understood relatively easily by discomp.l.ng those^ 
which enables reverse engineering to be Performed 
easily. Therefore, it is necessary to prevent imitation and 
falsification by a third party. 



SUMMARY Q e™F INVENTION 

The present invention has been made under the 
above circumstances, and an object to the invention k 
s Sore to make it possible to restrict the execution , o 
a p ogram in a certain program execute environment 
as well as to prevent imitation and 1alsif.cat.on ot a pro- 

^The information processing apparatus according to 
the first aspect of the presen, .invention comp ^ses first 
kev decoding means for decoding, by using a second 
key an eTr/pted version of a f irst key that is necessary 
t decoS an encrypted version ol a program; program 

Txecut g means' lor executing the program that is out- 
out 1rom the program decoding means. 
P The iniation processing method according to 
» the second aspect of the ^Un^c^^ 
the steps of decoding, by using a second key. an en 
5p Aversion of a first key that is necessary to decode 
an encrypted version of a program; decod ng the en 
c^pted version of the program by using the f irst key that 
zs is'Stainedthroughthedecoding^ndexecutingthepro- 

aram that is obtained by the decoding. 
9 The^ 

of the present invention is a recording mediumon which 
foraaramfe recorded, the program being for caus.ng a 
so decode, by using a second 

ed version of a first key that is necessary to decode an 
ScryptS version of a program; decode the encryp^d 
vision of the program by using the first key that is ob- 
Sd through'thedecoding; and execute the program 
is that is obtained by the decoding. 

The formation processing apparatus according to 
the fourth aspect of the present invention comprises en- 
SpSSg means for encrypting a program into encrypted 
s?n" ences to be decoded into codes that can be exec ut- 
40 ed Ty the information processing apparatus according 
to the first aspect ot the present invention . 

The information processing method according to 
the fifth aspect of the present invention «?P™E£ 
step of encrypting a program into encrypted sentences 
45 to be decoded into codes that can be executed by he 
information processing apparatus according to the first 
A^nect of the present invention. 

P Th Trending medium according to the sixth aspect 
of the present invention is a recording medium on wh ch 
50 aprogramis^^ 

encrypted sentences to be decoded into codes tha can 
be executed by the information processing apparatus 
according to the first aspect of the present inventtoa 
Thefnlormation processing apparatus according to 
5S the seventh aspect ot the present 

executinq means for executing a program, key decoamg 
means tor decoding, by using a second key. an encrypt- 
Td versSn of a first key to be used in checking a s.gna- 
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lure that is added to the program, checking means Jor 
checking, by using the first key that ,s 
decoding by the key decoding means whether the s.g 
nature tSat is added to the program ,s 
supplying means for supplying ihe execut.ng means 
with the program that has been affirmed to be legitimate 
by the checking means and to which the signature « 

The information processing method according to 
the eighth aspect of the present invention compr.ses he 
steps of decoding, by using a second key, an encrypted 
version of a first key to be used in checking a signature 
that is added to a program; checking, by using the first 
key that is obtained through the decoding, whether the 
signature that is added to the program is legitimate, and 
executing the program only when it is affirmed to be le- 

9,tim The recording medium according to the ninth as- 
pect of the present invention is a recording medium on 
which a program is recorded, the program being tor 
causing a computer to decode, by using a second key 
an enc^pted version of a first key to be used .n checking 
a signature that is added to a program; check by using 
the first key that is obtained through the decoding, 
whether the signature that is added to the program is 
legitimate; and execute the program only when .1 is ai- 
firmed to be legitimate. 

The information processing apparatus according to 
the tenth aspect of the present invention comprises 
processing means for processing a program so that a 
signature will be affirmed to be legitimate in the informa- 
tion processing apparatus according to the seventh as- 
pect ol the present invention. 

The information processing method according to 
the eleventh aspect of the present invention comprises 
the step of processing a program so that a signature w.ll 
be affirmed to be legitimate in the information process 
ing apparatus according to the seventh aspect of the 
present invention. 

The recording medium according to the twelfth as- 
pect ol the present invention is a recording medium on 
which a program is recorded, the program having been 
processed so that a signature will be affirmed to be le- 
gitimate in the information processing apparatus ac- 
cording to the seventh aspect of the present invention. 

In the information processing apparatus according 
loihe first aspect of the present invention, the first key 
decoding means decodes, by using a second key an 
encrypted version of a first key that is necessary to de- 
code an encrypted version of a program, and the pro- 
gram decoding means decodes the encrypted version 
of the program by using the first key that is obtained 
through decoding by the first key decoding means. The 
executing means executes the program that is output 
from the program decoding means. 

In the information processing method according to 
the second aspect of the present invention, an encrypt- 
ed version ol a first key thai is necessary to decode an 



encrypted version of a program is decoded by using a 
second key, the encrypted version of the program is de- 
coded by using the first key that is obtained through the 
decoding, and the program that is obtained by the de- 
s coding is executed. . 

On the recording medium accord.ng to the third as- 
pect ol the present invention, a program for causing a 
computer to decode, by using a second key. an encrypt- 
od version of a first key that is necessary to decode an 
,o encrypted version of a program, decode the encrypted 
version of the program by using the first key that is ob- 
Sned through the decoding, and execute the program 
that is obtained by the decoding is recorded. 

In the information processing apparatus accord.ng 
,s tothefourthaspectotthepresentinventiontheenc^ 

ing means encrypts a program ™°*™W Xe ?*°T ™ s 
to be decoded into codes that can be executed by he 
information processing apparatus accord.ng to the first 
aspect of the present invention. 
20 In the information processing method accord.ng to 
the fifth aspect of the present invention, a program s 
encrypted into encrypted sentences to be decoded into 
codes that can be executed by the information process- 
ing apparatus according to the first aspect of the present 

ss invention. iu^^hac. 
On the recording medium according to the sixth as 
pect of the present invention, a program being^ encrypV 
ed into encrypted sentences to be decoded into codes 
that can be executed by the information processing sp- 
at paratus according to the first aspect of the present in- 
vention is recorded. . 

In the information processing apparatus according 
to the seventh aspect of the present invention the key 
decoding means decodes, by using a second key an 
ss encrypted version of a first key to be used in checking 
asignature that is added to a program, and hechecking 
means checks, by using the first key that .s opined 
through decoding by the key decoding means, whether 
he signature that is added to the program .s .egitimate^ 
40 The supplying means supplies executing means wrth 
the program that has been affirmed to be legitimate by 
me checking means and to which the signature ,s add- 
ed. The executing means executes the progfani 

in the information processing method according to 
45 the eighth aspect of the present invention, an encrypted 
version d a L key to be used in checking a signature 
that is added toa program is decoded by using a second 
key it is checked by using the first key that is obtamed 
through the decoding, whether the signature that is add- 
so ed to the program is legitimate, and the program is ex- 
ecuted only when it is affirmed to be legitimate. 

On the recording medium according to the ninth as- 
oect of the present invention, a program for causing a 
computer to decode, by using a second key, an encrypt- 
S5 ed version o1 a first key to be used in checking a signa- 
ture that is added to a program, check by using the f rst 
key that is obtained through the decoding, whether the 
signature that is added to the program is leg.t.mate, and 
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execute the program only when it is affirmed to be legit- 
imate is recorded. 

In the information processing apparatus according 
tothe tenth aspectotlhe present invention, the process- 
ng means processes a program so that a signature will 
be affirmed to be legitimate in the informat.on process 
ing apparatus according to the seventh aspect of the 
present invention. 

In the information processing method accord.ng to 
the eleventh aspect of the present invention a program 
is processed so that a signature will be affirmed to be 
legitimate in the information processing apparatus ac- 
cording to the seventh aspect of the present invention^ 
On the recording medium according to the twelfth 
aspect of the present invention, a program having been 
processed so that a signature will be affirmed to be le- 
gitimate in the information processing apparatus ac- 
cording to according to the seventh aspect of the 
present invention is recorded. 

RRIEF DESCRIPTION OF TMF DRAWINGS 
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Fig. 16 is a flowchart showing a process of the soft- 
ware developer server 31; 
Fig. 17 a flowchart showing a process of the pro- 
gram certificate authority server 32; 
Fiq 18 is a block diagram showing a second exam- 
ple of functional configuration of a program execu- 

Rg. TsTte ^flowchart showing a process of the pro- 

qram certificate authority server 32; 

Fig. 20 is a block diagram showing an example of 

functional configuration of a loader. 

f£ 21 isablock diagram showing a fourth example 

of f unctional configuration of a program execution 

Sta 22 is attack diagram showing an example of 
configuration ol the software developer server 31 . 

hftaii FD desc ription OF THF PREFERRED 
FMRODIMENTS 



Fiq 1 is a block diagram showing a first example of 
functional configuration of a program execution sys- 

FioN is a block diagram showing a fifth example of 
functional configuration of a program execution sys- 

Fi^3 is a flowchart showing a process of a software 
developer server 31 ; 

Fiq 4 is a block diagram showing a third example 
of functional configuration of a program execution 

Fig* 6te a flowchart showing a process of the soft- 
ware developer server 31 ; 
Fig 6 shows a correlation between resources of a 
computer 1 and those of a Java virtual machine 11 
that is implemented on the computer 1; 
Fig. 7 illustrates a process of the Java virtual ma- 
chine 11; ... . 
Figs. 8 and 9A-9B illustrate a process of the Java 

virtual machine 1V, . n , 

Fio 10 is a block diagram showing an example ol 
configuration of an embodiment ol a program pro- 
viding system according to the present invent.on; 
Fig 11 is a block diagram showing an example of 
configuration of a soltware developer server 31 

shown in Fig. 10; . , 

Fiq 12 is a block diagram showing an example of 
configuration of a program certificate authority serv- 
er 32 shown in Fig. 10; 

Fiq 13 is a block diagram showing an example ol 
configuration of a user terminal 33 shown in Fig 1 0; 
Fig 14 is a block diagram showing an example ot 
configuration of an encryption/decoding system; 
Fiq 15 is a block diagram showing an example ot 
configuration of an encryption/decoding system us- 
ing a digital signature; 



The embodiments of the present invention will be 
described below. Before that, to clarity the 'correlation 
between the respective means of the inven ion that are 
described in the claims and the components of he fo 
2S lowing embodiments, the features of the invention w,H 
be described below in such a mannerthat the respective 
nTeans aretol.owed. ta parentheses, by *-o = *nts 
(just examples) of the corresponding 
U The information processing apparatus according to 
so thefirstaspectofthepresentinventionisaninlormation 

Processing apparatus which executes a process for ex- 

inq means (for example, a decoding section 84 shown 
in fS 1 and a decoding section 1 31 shown in Fig. 2) for 
35 decking by using a second key, an encrypted vers on 
Ja^t key that I necessary to decode an encrypted 
vefs on of the program; program decoding , means (to 
example, a decoding section 82 shown in Fig. 1 and a 
Tcoding means 132 shown in Fig, 2) for decoding he 
40 encrypted version ot the program by using the f irsT key 
fhaus obtained through decoding by the first key decod- 
ng means; and executing means (for example, a Java 
Sua. machine 83 shown in Figs. 1 and 2) tor execut n g 
the program that is output from the program decoding 

45 mea ?ne above information processing apparatus fur- 
ther comprises second key decoding means (1°^xam- 
ole a decoding section 84 shown in Fig. 2) for decoding 
oy usmg a thirS key. an encrypted version of the second 
50 key in a case where the second key is encrypted 
. V The information processing apparatus accorjngto 
the fourth aspect of the present invention is an mforma- 
S. Pressing apparatus which executes a program^ 
and comprises encrypting means (tor examp le a CPU 
ss 41 shown in Fig. 11 that executes a program processing 
iep s7shown 9 ,n Fig. 3) tor encrypting the program in* 
encrypted sentences to be decoded into 
be executed by the information processmg apparatus 
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according to the first aspect of the present invention. 

The information processing apparatus according to 
the seventh aspect of the present invention .s an infor- 
mation processing apparatus which executes a pro- 
gram and comprises executing means (lor example, a 
Java virtual machine 83 shown in Fig. 4) for execut.ng 
the program; key decoding means (for example, a de- 
coding section 84 shown in Fig. 4) for decoding, by using 
a second key. an encrypted version of a first key to be 
used in checking a signature that is added to the pro- 
gram; checking means (for example, a signature check- 
ing section 103 shown in Fig. 4) for checking, by us.ng 
the first key that is obtained through decoding by the key 
decoding means, whether the signature that is added to 
the program is legitimate; and supplying means (for ex- 
ample, a virtual machine input control sect.on 104 
shown in Fig. 4) for supplying the executing means with 
the program that has been affirmed to be legitimate by 
the checking means and to which the signature is add- 

The information processing apparatus according to 
the tenth aspect of the present invention is an informa- 
tion processing apparatus which executes a program 
and comprises processing means (for instance, a CPU 
41 shown in Fig. 11 that executes program processing 
steps S22 and S23 shown in Fig. 16) for processing the 
program so that a signature will be affirmed to be legit- 
imate in the information processing apparatus accord- 
ing to the seventh aspect of the present invention. 

Naturally, the above statements do not mean that 
the respective means are limited to the components that 

f °"°The following embodiments will be directed to a 
case where the invention is applied to a Java virtua ma- 
chine, though the invention can be applied to a real ma- 
chine itself in addition to a virtual machine such as a 
Java virtual machine. ... „„ 

Since Java is described in detail in. for instance. 
Nikkei Electronics 1996.3.25 (no. 658) and 1996.6.17 
(no. 664) published by Nikkei Business Publications, 
Inc it will be described below only briefly. 

"a Java virtual machine is an abstracted execution 
machine and is actually a program that is executed by 
an actual computer. Like an actual computer, a Java vir- 
tual machine has a program counter, a stack register, a 
general-purpose register, a memory as a stack or a 
heap, and other resources, and those resources are 
mapped to resources of an actual computer. 

Assume that an actual computer 1 has a central 
processing unit 2, a register 3 that is incorporated in the 
central processing unit 2, a memory 4. and other re- 
sources as shown in Fig. 6. When a Java virtual machine 
1 1 is implemented on the computer 1 , the resources of 
the actual computer 1 are mapped to those of the Java 
virtual machine 1 1 . In the embodiment of Fig. 6. the Java 
virtual machine 11 has a register 13, a memory 14, and 
other resources. The register 1 3 is mapped to the reg- 
ister 3 and address 200 of the memory 14 is mapped to 



address 100 of the memory 4. 

In the actual computer 1 , an instruction to the cen- 
tral processing unit 2 is executed as a manipulate on 
its resource. Similarly, in the Java virtual machine 11, 
s instructions to be executed as manipulations on its re- 
sources are defined. The Java language is a language 
to describe instructions to the Java virtualmach.ne 1V 
,n the Java virtual machine, Java byte codes that a e 
obtained by compiling a source program described in 
Z Java language with a Java compiler are interpreted 

and T X haUs ed as shown in Fig. 7. a Java language pro- 
gram that is a source program written in the Java lan- 
guage is compiled into Java byte codes by a Java com- 
,5 Sl.TheJavabytecodesareinputtotheJavavirtual 
^chinell.v^eretheyareconvertedintomachine lan- 
guage codes that can be interpreted by the actual com- 
pter 1 (central processing unit 2). More specif cal y, lor 
example, as shown in Fig. 8, when an instruction (Java 
20 byte code instruction) "move «125. register 13 ^ de- 
scribed in Java byte codes and meaning "set numeral 
' 25- inThe register 1 3" is input to the «ua , ma- 
chine 11 . the Java virtual machine 11 convert. irt into an 
■ instruction (machine language instruction) move #1 25, 
25 register 3' described in machine language codes. 

In the computer 1 . numeral "125" is set in the reg- 
ister 3 of the computer 1 as shown in Fig. 9A as a result 
of execution of the instruction written in machine lan- 

30 9Ua ro?scribed above, the register 1 3 of the Java vir- 
tual machine 11 is mapped to the register 3 of the com- 
puteM Therefore, setting numeral "125" in the register 
3 ot the computer 1 means setting numeral "1 25 in the 
Agister 1 3 vLn viewed from the Java virtual machine 
35 11 as shown in Fig. 9B. ; 

,n the above manner, a Java byte code instruction 
that is input to the Java virtual machine 11 is converted 
mo machine .anguage codes tor the computer 1 and 
then executed as a manipulated on a resource of the 
40 computer 1 that is mapped to a resource of the ^Java 
virtual machine 11. When viewed from the Java virtual 
machine 11, the above manipulation corresponds to a 
motion on the resource of the Java virtual ma- 
chine ,11; execution o1 the former manipulation means 
as execution of the Java byte code instruction 

Therefore, as described above, by implementing a 
Java virtual machine on an actual computer, a implied 
Java program can be executed irrespective of the CPU 
(central processing unit) and the OS used in the com- 

50 PUt6 An example of a technique for converting Java byte 
codes into machine language codes and executing the 
.atter is an interpreter scheme in which -"terpr**™ * 
instructions into machine language codes arrfe*^ 
as tion of the machine language codes are 

by one as in the case of execut.ng a Basic anguaae 
program. Another example is a JIT Gust ,n time) compter 
scheme in which interpretation of instructions into ma- 
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chine language codes and execution of the machine lan- 
guage codes are performed en bloc. 

The interpreter scheme employed in executing a 
Basic language program is different from that used in 
interpreting Java byte codes in that source codes are 
interpreted in the former scheme whereas intermediate 
codes (Java byte codes) are interpreted in the latter 
scheme. However, these two schemes are not discrim- 
inated in this embodiment (it is not necessary to do so). 

Fig 1 0 shows an example ol configuration of an em- 
bodiment of a program providing system according to 
the invention (the term "system" means a collection of 
a plurality of devices that are logically related to each 
other; whether the devices are accommodated physical- 
ly in a single chassis is irrelevant). 

In this program providing system, when a software 
developer distributed to a user an application program 
that is not certified by a program certificate authority, ex- 
ecution of the application program on a user terminal 33 
ol the user is restricted. 

For example, when a software developer has de- 
veloped an application program that operates on a Java 
virtual machine as a program execution environment 
that was developed by the program certificate authority 
or a party who requested the program certificate author- 
ity to certify programs and desires distribution of the ap- 
plication program, the soltware developer makes a li- 
cense contract to such an effect with the program cer- 
tificate authority. Once the license contract has been 
made the program certificate authority delivers, as a 
certificate, to the software developer a key to be used 
for encryption of the application program or addition of 
a signature to it. 

Specifically, in this embodiment, it is assumed that 
encryption of the application program or addition of a 
signature to it is performed according to a publicized key 
encryption scheme as typified by the RSA scheme (de- 
vised by the three researchers of MIT; RSA is from the 
initials of their names). In this case, a set of secret key- 
A to be used tor encryption according to the publicized 
key encryption scheme and publicized key-A to be used 
lor decoding a result of encryption that has used secret 
key-A is delivered to the software developer 

A software developer server 31 of the software de- 
veloper and a program certificate authority server 32 of 
the program certificate authority can communicate with 
each other through a network 34that is the Internet, pub- 
lic lines, a CATV network, a ground wave network, a sat- 
ellite network, or the like. Secret key-A and publicized 
key-A are delivered through the network 34, for in- 
stance 

Secret key-A and publicized key-A may be pre- 
pared by a software developer itself rather than pre- 
pared by the program certificate authority and delivered 
to a software developer who has been licensed. 

After being given secret key-A and publicized key- 
A, the software developer transmits publicized key-A 
from the software developer server 31 to the program 



certificate authority server 32 via the network 34, for in- 
stance 

Upon reception of publicized key-A from the soft- 
ware developer server 31, the program certificate au- 
s thority server 32 encrypts it and transmils publicized 
key-A that has been encrypted (hereinafter referred to 
as 'encrypted publicized key" where appropriate) to the 
software developer server 31 via the network 34. 

In the program certificate authority server 32, pub- 
is licized key-A is encrypted according to a publicized key 
encryption scheme. That is, in the program certificate 
authority server 32, a set ol secret key-B to be used for 
encryption and publicized key-Bio be used for decoding 
a result of encryption that has used secret key-B is pre- 
« pared and publicized key-A is encrypted by using secret 
key-B. 

On the other hand, in the software developer server 
31 the encrypted publicized key-A transmitted from the 
program certificate authority server 32 is received and 
so encryption of the application program or addition of a 
signature to it is performed by using secret key-A. The 
application program that has been encrypted or to which 
the signature has been added is stored so as 1o be cor- 
related with the encrypted publicized key-A. 
ss Upon receiving a request for the application pro- 
. gram from the user terminal 33 via the network 34, lor 
instance, the software developer server 31 transmits the 
application program (that is encrypted or to which a sig- 
nature has been added as described above) to the user 
30 terminal 33 via the network 34 together with the corre- 
sponding encrypted publicized key-A. 

A Java virtual machine as a program execution en- 
vironment that has been developed by the program cer- 
tificate authority or a party who requested to the program 
35 certificate authority to certify programs is implemented 
in the user terminal 33, as explained below. The pro- 
gram certificate authority server 32 stores a program ex- 
ecution system (i.e., a program for allowing a computer 
(user terminal 33) 1o operate as a program execution 
40 environment) as a Java program execution environment 
including a Java virtual machine that is provided by the 
program certificate authority. When the user requests 
the program certificate authority server 32 to send the 
program execution system by manipulating the userter- 
45 minal 33, the program certificate authority server 32 
transmits the program execution system to the user ter- 
minal 33 via the network 34, for instance. In this manner, 
the program execution system provided by the program 
certificate authority is implemented in the user terminal 
so 33. 

The program certificate authority server 32 trans- 
mits to the user terminal 33, publicized key-B togelher 
with the program execution system. The received pub- 
licized key-B is stored in the user terminal 33. 
ss In the user terminal 33 as a Java virtual machine in 
which the program execution system is implemented, 
an application program that has been transmitted from 
the soltware developer server 31 is executed normally 
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only when it is certified by the program certificate au- 

^ That is. in the user terminal 33, the encrypted pub- 
licized key-A that has been transmitted from the soft- 
ware developer server 31 is decoded into publicized 
key-A by using publicized key-B that has been transmu- 
ted from the program certificate authority server 32. Fur- 
ther in the user terminal 33. an encrypted application 
program that has been transmitted from the software de- 
veloper server 31 is decoded by using publicized key-A 
thus obtained. The decoded application program is ex- 
ecuted on the Java virtual machine. Or the legitimacy - o 
a signature that is added to an application program that 
has been transmitted from the software developer sery ; 
er 31 is checked by using publicized key-A. The appli- 
cation program is executed on the Java virtual machine 
only when the legitimacy of the signature is affirmed. 

Therefore, if a key to be decoded by using publ.- 
cized key-B is not the encrypted publicized key-A, i.e 
the legitimate one. publicized key-A cannot be obtained 
as a decoding result. Even if the application program is 
decoded by using such a decoding result, there cannot 
be obtained an application program that is normally 
processed on the Java virtual machine; that is. the Java 
virtual machine does not operate correctly 

Similarly, when a signature is checked by using a 
key that is not publicized key-A, the legitimacy of the 
signature is denied. The application program cannot be 
executed on the Java virtual machine either. 

As described above, where an application program 
that has been transmitted from the software developer 
server 31 is not certified by the program certificate au- 
thority, it cannot be executed (at least normally) on the 
user terminal 33 as the Java virtual machine. 

As a result, a party who has developed and distrib- 
uted a Java virtual machine as a program execution en- 
vironment can restrict unauthorized distribution of an 
application program that was developed by a third party 
and is executed on the Java virtual machine. For exam- 
ple, the former party can permit distribution of applica- 
tion programs to only licensed software developers. 

In the above example, after acquiring publicized 
key-A. secret key-A, and the encrypted publicized key- 
A the software developer can freely distribute applica- 
tion programs that can be executed on the Java wlual 
machine implemented in the user terminal 33^ There- 
lore the software developer need not do cumbersome 
work of transmitting each newly developed application 
program to the program certificate authority server 32 
to have it certified. 

However, there may occur a case that the program 
certificate authority wants to reslrict the use of publi- 
cized key-A, secret key-A. and an encrypted publicized 
key-A by a software developer to several programs. For 
example, this can be done by the program certificate au- 
thority's changing secret key-B that is used tor encrypt- 
ing publicized key-A. (In this case, the program certifi- 
cate authority needs to distribute a publicized key cor- 



responding to a new secret key to users.) Alternatively, 
the above object can be attained in the following manner 
without making the above change. If the program certif- 
icate authority assigns respective software developers 
5 unique publicized keys-A and secret keys-A. it can iden- 
tify a software developer who has distributed a certain 
applicationprogrambyreferringtoacipheredpubliczed 

key-A or a signature. For example, the program certifi- 
cate authority can easily identify a software developer 
io who has distributed application programs the number of 
which exceeds a number that is prescribed in a license 
contract to the effect that the use of publicized key-A 
secret key-A. and a ciphered publicized key-A is limited 
to the above number of programs. 
is Software developers can distribute an application 
program to users by recording it on a recording medium 
35 such as a CD (compact disc)-ROM or a magnetic 
disk and, for instance, sending it by mail or selling it over 
the counter. Even in this case, as in the above-described 
20 example, such an application program cannot be ^exe- 
cuted in the user terminal 33 as a Java virtual machine 
if the application program is not certified by the program 

C6rt «hSabove example thedata (pubjicized 
zs key-A, secret key-A. and the ciphered publicized key-A) 
are exchanged between the software developer anc the 
program certificate authority via the network 34. the data 
exchange may also be done by. for 
recording medium (not shown) on which the data are 
30 recorded by mail. „ ..«,.,_ 

Similarly, the program certificate authority may sup- 
ply users with the program execution system and pub- 
licized key-B by recording those on a recording med um 
36 such as a CD-ROM or a magnetic disk and. for m- 
35 stance, sending it by mail or selling it ove ■ -th m | counter 
Further, although in the embodiment of Fig. 10 the 
software developer server 31. the program certificate 
authority server 32. and the user terminal 33 are each 
provided by one, they may each be provided in plurality 
40 Fig 11 shows an example of configuration of the 
software developer server 31 shown in Fig. 10. 

A CPU 41 executes various kinds of processes by 
executing programs stored in an auxiliary storage de- 
vice 46 under the control ol an operating system that is 
45 stored (recorded) in the auxiliary storage device 46. A 
ROM (read-only memory) 42 stores an IPL («mal pro- 
gram loading) program and other programs. A RAM 
(random access memory) 43 stores a program to be ex- 
ecuted by the CPU 41 and data necessary for operation 
so of the CPU 41 . An input section 44, which is a keyboard 
or a mouth, for instance, is manipulated in inputting a 
desired command or data, orthe like. An output section 
45, which is a display device or a printer, for instancy 
displays or prints necessary information. The auxiliary 
55 storage device 46, which is a hard disk drive, for in- 
stance, stores the operating system and other programs 
to be executed by the CPU 41 . as well as 
suits of the CPU 41 and other necessary data. A com- 



7 



13 



EP0 875 814 A2 



14 



munication control section 47 controls communications 
that are performed via the network 34. 

Fig. 12 shows an example of configuration of the 
program certificate authority server 32 shown in Fig. 10 
and Fig. 13 shows an example of configuration of the 
user terminal 33 shown in Fig. 10. 

The program certificate authority server 32 is com- 
posed of a CPU 51 to a communication control section 
57 and the user terminal 33 is composed of a CPU 61 
to a communication control section 67. Since the above 
components are configured in the same manner as the 
CPU 41 to the communication control section 47 of Fig. 
1 1 , descriptions therelor are omitted. 

Next, a description will be made ol the encryption/ 
decoding according to the above-mentioned publicized 
key encryption scheme as one method of encrypting/ 
decoding publicized key-A or an application program. 

Fig. 1 4 shows an example of configuration of an en- 
cryption/decoding system according to the publicized 
key encryption scheme. 

A normal sentence as a subject of encryption is in- 
put to an encryptor 71. The encryptor 71 encrypts the 
normal sentence into an encrypted sentence by using 
an encryption key that is called a secret key and is 
unique to each person. 

On the other hand, an encrypted sentence pro- 
duced by the encryptor 71 is input to a decoder 72. The 
decoder 72 decodes the encrypted sentence into the 
original normal sentence by using a decoding key called 
a publicized key and is open to the public. 

Like the encryptor 71 , the software developer serv- 
er 31 encrypts Java byte codes as an application pro- 
gram by using secret key-A. Further, like the encryptor 
71 , the program certificate authority server 32 encrypts 
publicized key-A that is transmitted from the software 
developer server 31 by using secret key-B. 

On the other hand, like the decoder 72, the user ter- 
minal 33 decodes the encrypted publicized key-A by us- 
ing publicized key-B and further decodes the encrypted 
application program by using the thus-decoded publi- 
cized key-A. . 

The encryption/decoding method is not limited to 
the publicized key encryption scheme and other 
schemes such as the common key encryption scheme 
as typified by the DES (data encryption standard) 
scheme (developed by IBM Corp. and put into practical 
use as a standard of the U.S. government) may also be 
used. In the common key encryption scheme, encryp- 
tion/decoding is performed by using a common key that 
is not open to any parties other than the parties con- 
cerned. In the publicized key encryption scheme, a se- 
cret key for encryption is different from a publicized key 
for decoding (conversely, a publicized key and a secret 
key may be used for encryption and decoding, respec- 
tively). In contrast, in the common key encryption 
scheme, the same, common key is used for both en- 
cryption and decoding. Therefore, it is necessary to 
keep the common key secret from parties other than the 



parties concerned. 

Next, a description will be made of a signature ad- 
dition method according to the publicized key encryption 
scheme as one method of adding a signature (digital sig- 
5 nature) to an application program. 

Fig. 1 5 shows an example of configuration ol an en- 
cryption/decoding system according to the publicized 
key encryption scheme for generating/checking a sig- 
nature. . . 
10 A normal sentence as a subject of encryption is in- 
put to a digest generator 91 , which generates a digest 
of the received normal sentence according to such an 
algorithm as MD5 (MD: MessageDigest) or SHA-1 
(SHA- secure hash algorithm). The MessageDigest 
J5 class is an engine class designed to provide the func- 
tionality of cryptographically secure message digests 
such as SHA-1 or MD5. A cryptographically secure di- 
gest takes arbitrary-sized input (a byte array), and gen- 
erates a fixed-size output, called a digest. A digest has 
20 the following properties. It should be computationally in- 
feasible to find another input string that will generate the 
same digest The digest does not reveal anything about 
the input that was used to generate it. Message digests 
are used to produce unique and reliable identifiers of 
25 data. They are sometimes called the "digital finger- 
prints" of data. 

A digest corresponds to a mechanically condenseo 
sentence of a normal sentence, and different digests are 
generated 1or different normal sentences as inputs. A 
30 digest is generated by converting a normal sentence by 
using a hash function, for instance. 

Incidentally, a method of mapping a set of ranges 
that can be taken by a keyword used lor searching a 
database to a certain limited numerical range (corre- 
35 sponding to a record number or a suffix of an array) is 
called hashing. A transformation function of this map- 
ping is a hash function. , 
The digest generated by the digest generator 91 is 
supplied to an encryptor 92. The encryptor 92 encrypts 
40 the digest by using a secret key, for instance, like the 
encryptor 71 shown in Fig. 1 4, and outputs an encrypted 
digest as a digital signature. The digital signature is add- 
ed to the original normal sentence and a resulting sig- 
nature-added normal sentence is output. 
45 On the other hand, the digital signature as part of 
the signature-added normal sentence is input to a de- 
coder 93 and the sentence as the remaining part is input 
to a digest generator 94. The decoder 93 decodes the 
digital signature into a digest by using a publicized key, 
so tor instance, like the decoder 72 shown in Fig. 14. The 
digest thus obtained is supplied to a signature checker 
95. 

Like the digest generator 91 , the digest generator 
94 generates a digest of the received normal sentence 
55 and supplies it to the signature checker 95. 

The signature checker 95 judges legitimacy of the 
signature (digital signature), i.e., checks the signature. 
Specifically, the signature checker 95 checks whether 
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the digest that is output from the decoder 93 coincides 
with the digest that is output from the digest generator 
94. If the two digests do not coincide with each other, 
the legitimacy of the signature is denied with a judgment 
that, for instance, the normal sentence has been falsi- 
fied or the publicized key used in the decoder 93 is not 
a correct one. 

On the other hand, if the digest that is output from 
the decoder 93 coincides with the digest that is output 
from the digest generator 94, the legitimacy of the sig- 
nature is affirmed with a judgment that the normal sen- 
tence has not been falsified or the publicized key used 
in the decoder 93 is a correct one. 

The signature checker 95 is also supplied with the 
normal sentence that constitutes the signature-added 
normal sentence. The signature checker 95 outputs the 
normal sentence when the legitimacy of the signature is 
affirmed. 

Where a signature of an application program is add- 
ed to the application program in the software developer 
server 31 , a signature (digital signature) is generated by 
generating a digest of the application program and then 
encrypting the digest by using secret key-A in the above- 
described manner. On the other hand, in the user termi- 
nal 33, the signature is decoded into a digest by using 
publicized key-A and a digest is generated from the ap- 
plication program. The legitimacy of the signature is 
checked by judging whether the two digests coincide 
with each other. 

A signature serves to identify a party (software de- 
veloper in this example) who added it. The source of an 
application program to which a signature is added can 
easily be determined from its signature. For example, 
where an application program has a bug or the like, a 
software developer who distributed such an application 
program having the bug can easily be found out. 

Further, where an application program to which a 
signature is added has been falsified or infected with 
what is called a computer virus, a digest that is gener- 
ated from the application program does not coincide 
with a digest that is obtained by decoding the signature 
and hence the legitimacy of the signature is denied. 
Therefore, an application program that has been falsi- 
fied or infected with a virus can be prevented from being 
executed in the user terminal 33. 

Secret key-A that is used for generating a signature 
should be kept secret from third parties (in this example, 
parties other than the software developer and the pro- 
gram certificate authority), it is difficult tor a third party 
to find a signature generation method even if it tries to 
decipher an application program. 

The signature generation/check method is not lim- 
ited to the above one that utilizes the publicized key en- 
cryption scheme. 

Next, a description will be made of processes exe- 
cuted by the software developer server 31 , the program 
certificate authority server 32, and the user terminal 33 
in a case where the certification of an application pro- 



gram is performed through encryption that uses secret 
key-A. 

First, a process of the software developer server 31 
will be described with reference to flowcharts of Figs. 3 
s and 16. 

The software developer makes a license contract 
with the program certificate authority and acquires pub- 
licized key-A and secret key-A by, for instance, request- 
ing the program certificate authority to issue those. In 
to the software developer server 31 , first, at step S1 shown 
in Fig. 16, the communication control section 47 trans- 
mits publicized key-A to the program certificate authority 
server 32 via the network 34 to have it certified by the 
program certificate authority. The process then goes to 
is step S2, where the CPU 41 judges whether an encrypt- 
ed publicized key-A as a certified publicized key-A has 
been transmitted from the program certificate authority 
server 32. If it is judged that a certified publicized key- 
A has not been transmitted yet, the process returns to 

20 step S2. . 

If it is judged at step S2 that a certified publicized 
key-A has been received, the process goes to step S3, 
where the communication control section 47 receives 
the encrypted publicized key-A. The process then goes 
25 to step S4, where the encrypted publicized key-A re- 
ceived by the communication control section 47 is trans- 
ferred to the auxiliary storage device 46 and stored 
there. The process is then finished. 

Thereafter, the software developer develops an ap- 
30 plication program that is executed on a Java virtual ma- 
chine and it is stored (recorded) in the auxiliary storage 
device 46, for instance. In the software developer server 
31 , at step S6 shown in Fig. 3, the CPU 41 complies the 
application program that is stored in the auxiliary stor- 
35 age device 46 into Java byte codes according to a Java 
compiler program. The Java byte codes are also sup- 
plied to the auxiliary storage device 46 and stored there. 

The process then goes to step S7, where the CPU 
41 encrypts the Java byte codes that were obtained by 
40 the compilation at step S6 by using secret key-A, for in- 
stance, in the manner described above in connection 
with Fig. 14, to produce encrypted byte codes. At step 
S8, the encrypted byte codes are stored in the auxiliary 
storage device 46 so as to be correlated with the en- 
45 crypted publicized key-A. The process is then finished. 

Next, a process of the program certificate authority 
server 32 will be described with reference to a flowchart 
of Fig. 17. 

For example, the program certificate authority is a 
so party who developed a Java virtual machine as a pro- 
gram execution environment or an organization that is 
requested by that party to act on its behalf. For example, 
the program certificate authority server 32 executes a 
certification process 1or certificating publicized key-A as 
55 certification of an application program of a licensed par- 
ty- 

Specifically, this is done in the following manner. 
First, at step S11 , the CPU 51 of the program certificate 
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authority server 32 judges whether publicized key-A as 
a subject ot certification has been transmitted Irom, for 
instance, the software developer server 31 via the net- 
work 34. 11 it is judged that publicized key-A has not been 
transmitted, the process returns to step S11. It it is 
judged at step SI! that publicized key-A has been trans- 
mitted, the process goes to step S12. where the CPU 
51 judges whether the received publicized key-A is one 
from a licensed, i.e., regular, software developer. 

When the program certificate authority has made, 
with a software developer, a license contract that per- 
mits the software developer to, for instance, develop 
and distribute an application program that is executed 
on the Java virtual machine, it issues, lor instance, an 
ID and a password to the software developer. The ID 
and the password that were issued at the time of license 
contract are transmitted from the licensed, i.e., regular, 
software developer together with publicized key-A as a 
subject of certification. At step S12, the judgment as to 
whether publicized key-A is from a regular software de- 
veloper is made based on these ID and password. 

If it is judged at step SI 2 that publicized key-A is 
not from a regular software developer, that is, when pub- 
licized key-A has been transmitted from a software de- 
veloper with whom no license contact is made, the proc- 
ess goes to step S1 3, where the communication control 
section 57 transmits, to the software developer, a mes- 
sage to the effect that publicized key-A cannot be certi- 
fied unless a license contact is made. The process is 
then finished. 

On the other hand, if it is judged at step S12 that 
publicized key-A is from a regular software developer, 
the process goes to step S14, where the CPU 51 en- 
crypts the received publicized key-A into an encrypted 
publicized key-A. Publicized key-A is thus certified. 

The process then goes to step S1 5, where the com- 
munication control section 57 transmits the encrypted 
publicized key-A as a certification result of publicized 
key-A to the software developer who transmitted publi- 
cized key-A (in this example, the software developer 
server 31) via the network 34. The process is then fin- 
ished. 

Fig. 1 shows an example ot functional configuration 
of a program execution system as a program execution 
environment tor executing an application program in the 
user terminal 33. 

An input section 81 accepts encrypted byte codes 
(encrypted Java byte codes) and an encrypted publi- 
cized key-A as well as a publicized key-B, and supplies 
the encrypted byte codes to a decoding section B2 and 
the encrypted publicized key-A and publicized key-A to 
a decoding section B4. The decoding section 82 oper- 
ates as the decoder 72 of Fig. 14. Specifically, the de- 
coding section 82 decodes the encrypted byte codes 
that are supplied from the input section 81 into the orig- 
inal Java byte codes by using publicized key-A that is 
output from the decoder 84. The Java byte codes ob- 
tained by the decoding section 82 are supplied to a Java 



virtual machine 83. The Java virtual machine B3 exe- 
cutes a process defined by the Java byte codes that are 
supplied from the decoding section 82. Like the decod- 
ing section 82, the decoding section 84 operates as the 
5 decoder 72 of Fig. 1 4. Specifically, the decoding section 
84 decodes, into publicized key-A. the encrypted publi- 
cized key-A that is supplied from the input section 81 by 
using publicized key-B that is also supplied from the in- 
put section 81 , and supplies the resulting publicized key- 
10 A to the decoding section 82. 

In the above-configured program execution system, 
first, the input section B1 acquires encrypted byte codes 
and an encrypted publicized key-A as well as a publi- 
cized key-B. For example, where encrypted byte codes 
is and an encrypted publicized key-A have been transmrt- 
ted in advance from the software developer server 31 
via the network 34 and are stored as files in the auxihary 
storage device 66, or where a recording medium 35 on 
which the encrypted byte codes and the encrypted pub- 
20 licized key-A are recorded as files is set in the user ter- 
minal 33, the input section 81 opens those files and 
reads out the encrypted byte codes and the encrypted 
publicized key-A. 

Consider a case where the software developer 
25 server31 is connected to the Internet as the network 34. 
Where encrypted byte codes and an encrypted publi- 
cized key-A are correlated with a URL (unilorm resource 
locator) in such a software developer server 31 , the in- 
put section 81 receives the encrypted byte codes and 
so the encrypted publicized key-A that are transmitted rom 
the software developer server 31 via the network 34 
when the user specifies the URL by manipulating the 
input section 64. 

Consider another case where the software devel- 
35 oper server 31 digitally broadcasts encrypted byte 
codes and an encrypted publicized key-A by ground 
waves or through a satellite network as the network 34^ 
In this case, the input section 81 receives the encrypted 
byte codes and the encrypted publicized key-A that are 

40 broadcast. 

In a similar manner, the input section 81 acquires 
publicized key-B that is issued from the program certif- 
icate authority. 

Among the encrypted byte codes, the encrypted 
45 publicized key-A. and publicized key-B, the input section 

81 supplies the encrypted byte codes to the decoding 
section 82 and the encrypted publicized key-A and pub- 
licized key-B to the decoding section 84. 

The decoding section 84 decodes, into publicized 
so key-A, the encrypted publicized key-A that is supplied 
from the input section 81 by using publicized key-B that 
is also supplied from the input section 81 , and supplies 
the resulting publicized key-A to the decoding section 

82 The decoding section 82 decodes the encrypted 
55 byte codes that are supplied from the input section 81 

by using publicized key-A that is supplied from the de- 
coding section B2, and supplies Java byle codes as a 
decoding result to the Java virtual machine 83. The Java 
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virtual machine 83 interprets and executes the Java byte 
codes that are supplied from the decoding section 82. 

As described above, the decoding section B4 de- 
codes the encrypted publicized key-A into publicized 
key-A by using publicized key-B corresponding to 
(paired with) secret key-B that was used tor the encryp- 
tion in the program certificate authority server 32. Then, 
the decoding section B2 decodes the encrypted byte 
codes by using publicized key-A that has been obtained 
by the decoding section 84 through decoding and cor- 
responds to secret key-B that was used the encryption 
in the software developer server 31 . Java byte codes as 
a decoding result are input to the Java virtual machine 
83 

Therefore, a legitimate publicized key-A cannot be 
obtained if a key to be decoded by using publicized key- 
B is not what is called the legitimate encrypted publi- 
cized key-A issued from the program certificate author- 
ity. (There remains a possibility that a legitimate publi- 
cized key-A is accidentally output from the decoding 
section 84, the possibility is almost equal to zero.) For 
example, this corresponds to a case where there occurs 
input of a non-encrypted publicized key-A, an encrypted 
key-A that was encrypted according to a different algo- 
rithm than used in the program certificate authority serv- 
er 32, or publicized key-A that was encrypted according 
to the same algorithm as used in the program certificate 
authority server 32 without using secret key-B that 
should be used in a regular case. Therefore, even if the 
encrypted byte codes are decoded by using such a de- 
coding result, there cannot be obtained an application 
program that can be executed normally on the Java vir- 
tual machine 83; the Java virtual machine 83 does not 
operate correctly. As a result, it becomes possible to re- 
strict distribution of Java byte codes that operate on the 
Java virtual machine 83 but are not certified by the pro- 
gram certificate authority to users having the user ter- 
minal 33 in which the Java virtual machine 83 is imple- 
mented. 

In the above manner, it becomes possible to allow 
only software developers who have made a contract 
with the program certificate authority, to distribute Java 
byte codes that operate on the Java virtual machine 83 
to users having the user terminal 33 in which the Java 
virtual machine 83 is implemented. The developer or the 
like of the Java virtual machine 83 can receive license 
lees lor use of the Java virtual machine 83 from software 
developers who want to distribute Java byte codes that 
operate on the Java virtual machine 83. 

It is necessary to take a measure to allow only the 
decoding section 82 to input Java byte codes to the Java 
virtual machine 83. Further, it is desirable to take a 
measure to allow only the decoding section B4 to input 
publicized key-A to the decoding section 82. 

Upon reception of a certain input, each of the de- 
coding sections 82 and 84 shown in Fig. 1 executes a 
decoding process with respect to the input and outputs 
a processing result. Therefore, usually the Java virtual 



machine 83 runs away when a key other than publicized 
key-B, Java byte codes that have not been encrypted 
by using secret key-A, or publicized key-A that has not 
been encrypted by using secret key-B is input and a de- 
5 coding result obtained with such a key or Java byte 
codes is supplied to the Java virtual machine 83. In view 
of this, a procedure may be employed in which it is 
checked whether an output of the decoding section 82 
is legitimate (normal) Java byte codes and the Java vir- 
70 tual machine 83 is allowed to interpret and execute Java 
byte codes only when the output of the decoding section 
82 is legitimate Java codes. For example, the Java vir- 
tual machine 83 may be allowed to interpret and execute 
Java virtual machine when 32-bit data called "magic- 
is that is located at the head of the Java byte codes has a 
regular value ("CAFEBABE' in hexadecimal notation), 
with a judgment that the output of the decoding section 
82 is legitimate Java byte codes. The Java virtual ma- 
chine 83 is thus prevented from running away. 
20 Incidentally, from the viewpoint of restricting execu- 
tion of an application program on the Java virtual ma- 
chine 83, there is no problem even if the decoding algo- 
rithms of the decoding sections 82 and 84 of Fig. 1 or 
publicized keys-A and B are known to a party other than 
25 licensed parties as long as the encryption algorithms or 
secret keys-A and B to be used for the encryption are 
not known. That is, the execution of an application pro- 
gram on the Java virtual machine 83 can be restricted 
even if the decoding method of an encrypted sentence 
30 is known as long as the method of generating encrypted 
byte codes to be given to the decoding section 82 to 
supply the Java virtual machine 83 with Java byte codes 
that can be executed correctly or the method of gener- 
ating the encrypted publicized key-A to be given to the 
35 decoding section 84 is not known. 

However, if one knows the decoding method of an 
encrypted sentence, he can obtain original Java byte 
codes from encrypted byte codes. Since the contents of 
Java byte codes can be understood relatively easily by 
40 discompiling those, reverse engineering can be done 
easily. 

To prevent such reverse engineering, the decoding 
method of an encrypted sentence may be kept secret. 
For example, publicized key-B to be used for decoding 
45 the encrypted publicized key-A that has been obtained 
by encrypting publicized key-A to be used for decoding 
encrypted byte codes may be kept secret, through it is 
usually publicized. 

Fig. 18 shows an example of configuration of a pro- 
so gram execution system in which publicized key-B is kept 
secret The components in Fig. 18 having the corre- 
sponding components in Fig. 1 are given the same ref- 
erence numerals as the latter and descriptions therefor 
will be omitted where appropriate. 
55 in this embodiment, for example, publicized key-B 
is located at a single position or dispersed at a plurality 
of positions of a program lhat constitutes a program ex- 
ecution system including a Java virtual machine 83. A 
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decoding section 84 decodes an encrypted sentence by 
using such a publicized key-B. Therefore, in th.s case, 
publicized key-B never leaks from the program execu- 
lion system and hence it is possible to prevent an event 
that an encrypted sentence is illegally **^ ™6 re- 
verse engineering is performed (or the possibility ol oc- 
currence of reverse engineering can be reduced). 

Next, a description will be made of processes exe- 
cuted by the software developer server 31 and the user 
terminal 33 in a case where the certification of an appli- 
cation program is performed through addition of a sig- 
nature that is generated by using secret key-A. In this 
case, since the program certificate authority server 32 
executes a process similar to the process that « exe- 
cuted in the above-described case where an application 
program is encrypted, a description will be omitted 

First, a process of the software developer server 31 
will be described with reference to a flowchart of Fig. 5. 
It is assumed that the process described above in con- 
nection with the flowchart of Fig. 16 has already been 
executed in the software developer server 31 , whereby 
an encrypted publicized key-A has been «qu.»d Irom 
the program certificate authority. It is also assumed that 
an applLtion program that is executed on a Java virtual 
machine has been developed and stored in the auxiliary 

storaqe device 46. . 

in the software developer server 31 , as m the case 
ot step S6 of Fig. 3. the CPU 41 complies the applies ton 
program stored in the auxiliary storage device 46 into 
Java byte codes according to a Java compiler program 
(step S21). The Java byte codes are also supplied to 
the auxiliary storage device 46 and stored there 

Then, the process sequentially proceeds to step 
S22 onward, whereby a signalure (digital ^nature) for 
certifying that the Java byte codes obtained by the com- 
pilation at step S21 are legitimate is added to the Java 

bvte codes. * « „ 

Specifically, at step S22. the CPU 41 generates a 
digest of the Java byte codes, for instance, in the same 
manner as the digest generator 91 of Fig 16 does The 
process then goes to step S23, where the CPU 41 en- 
crypts, by using secret key-A, the digest that was gen- 
erated at step S22 in the same manner as the encryptor 
92 of Fiq 15 does, whereby a digital signature is gen- 
erated. The process then goes to step S24, where the 
digital signature is added to the Java byte codes. (Java 
byte codes to which a digital signature is added as in 
this case will be hereinafter called "signature-added 
byte codes' where appropriate.) At step S24, the signa- 
ture-added byte codes are stored in the auxiliary storage 

device 46 so as to be correlated with an encrypted pub- 
licized key-A. The process is then finished. 

Fig 4 shows an example of functional configuration 
ol a program execution system as a program execution 
environment for checking legitimacy of an applicat.on 
program and executing only a legitimate one in the user 
terminal 33. The components in Fig. 4 having the corre- 
sponding components in Fig. 1 are given the same ref- 



erence numerals as the latter and descriptions therefor 

will be omitted where appropriate. 

An input seclion 101 accepts inputs basically in the 
same manner as the input section 81 ol Fig. 1 The input 
5 section 101 is different from the latter m that rt receives 
signature-added byte codes (Java byte codes to which 
a signature (digital signature) is added) instead of en- 
crypted byte codes. The input section 101 separates the 
stature-added byte codes into a signature and Java 
,o STe codes and output those. The signature « supphed 
to a signature checking section 103 and the Java , byto 
codes are supplied to a message digest system 102 and 
a virtual machine input control section 104. 

The message digest system 102 executes a proc- 
ess that is simila'r to the process executed by ■£ > d.ges 
Generator 94 ol Fig. 1 5. That is. the message d.gest sys- 
?em 102 generates a digest from the Java byte codes 
and supplies it to the signature checking sect.on 10SL 
The signature checking section 103. which ^ond. 
20 to the decoder 93 and the signature checker 95 of Rg _ 
1 5 checks legitimacy of the signature that is suppl.ed 
from the input section 101 . 

Specifically, the signature checlong section 103 re- 
ceives the signature from the input section 101 and the 
2S "gest from the message digest system 102, as we,, as 
publicized key-A from a decoding sect.on 84. The s.g- 
Su e checking section 1 03 decodes the signature into 
a digest by using the received publicized key-A. and 
checks legitimacy of the signature by comparing the 

he message digest system 102. Further, the s.gnatu e 
?he"king seclion 1 03 controls the virtual rn^njut 
control section 104 in accordance wrth a check reeufc 
The virtual machine input control sect.on 104 con- 
35 trols, underthecontrolo1thesignaturecheck.ngsecton 
103, supply to the Java virtual mach.ne 83 of he Java 
byte codes that are supplied from the input sect.on 01 . 

In the above-configured program execution system 
first the input section 101 acquires signature-added 
<o byte codesand an encrypted publicized 

as publicized key-B in the same manner as the input 
section 81 of Fig. 1 . Then, the input sect.on 101 sepa- 
rate L signature-added byte codes into a signature 
and Java byte codes, and supplies the s.gnature to the 
45 s gnature decking section 1 03 and the Java byte codes 
to the message digest system 102 and the virtual ma- 
chine input control section 104. Further, the input see- 
Son 101 supplies the encrypted publicized key-A and 
publicized key-B to the decoding sect.on 84^ As de- 
so scribed above" in connection with Fig. 1. the decod.ng 
lection 84 decodes the encrypted publicized key-A nto 
publicized key-A by using publicized key-B .and supp..es 
the obtained publicized key-A to the signature checking 
section 103. 

On the other hand, the message digest .system 1 02 
generates a digest from the Java byte codes that are 
Lppliedfromthe input section 101 and suppl.es the di- 

gest to the signature checking section 103. The s.gna- 



12 



23 



EP0 875 814 A2 



24 



ture checking section 1 03 decodes the signature tha Us 
S u P pliedfr O mtheinput S ecti O n101intoa^estbyus>ng 

publicized key-A that is supplied Ircm the decoding sec- 
tion 84. Further, the signature checking sect.on 103 
compares the digest obta^ed by the decod.ng w.th the 
digest that is supplied Irom the message digest system 
102, and judges the legitimacy ol the signature that is 
supplied irom the input section 101 based on whether 
the two digests coincide with each other. 

II the legitimacy o1 the signature has been affirmed, 
that is. if the digest obtained by decoding the s.gnature 
coincides with the digest supplied Irom the message di- 
gest system 102. the signature checking sect.on 103 
Controls the virtual machine input control , se <*°n 1 
that the Java byte codes that are supplied rom the .nput 
section 101 are output to the Java virtual rrjach ne • Ba 
The virtual machine input control sect.on 104 supphes 
the Java virtual machine 83 with the Java byte codes 
that are supplied 1rom the input section 101 under the 
control ol the signature checking sect.on 10a 

Therefore, in this case, the Java v.rtual machine 83 
interprets and executes the Java byte codes thatare 
supplied irom the input section 101 via the v.rtual ma- 
chine input control section 104. 

On the other hand, if the legitimacy of the s.gnature 
has not been affirmed, that is, if the digest obtained by 
decodingthe signature does not coincide w«h the digest 
supplied from the message digest system 102 the s g 
na^ e checkingsection103contro.sthev,rtualmac^ne 

input control section 1 04 so that the Java byte codes 
that are supplied from the input sect.on 101 are not out- 
put to the Java virtual machine B3. 

In this case, the virtual machine input control sec- 
tion 1 04 does not output, to the Java virtual mach.ne 83. 
the Java byte codes that are supplied from the input sec- 
tion 101. Therefore, the Java virtual mach.ne 83 does 
not execute any process. 

As described above, also in the case where a s.g 
nature is added to certify an application program. * ^be- 
comes possible to restrict distribution of Java byte codes 
that operate on the Java virtual machine 83 but are not 
certified by the program certificate authority to ^ users 
having the user terminal 33 in which the Java virtual ma- 
chine 83 is implemented. That is. it becomes possible 
to allow only software developers who have made a eon- 
ract with the program certificate authority. «o Jstntart. 
Java byte codes that operate on the Java virtual ma- 
chine 83 to users having the user terminal 33 m wh ch 
the Java virtual machine 83 is implemented. The devel- 
oper of the Java virtual machine 83 can receive l.cense 

developers who want to distribute Java byte codes that 
operate on the Java virtual machine 83. 

As described above, in the case of add.ng a s.gna- 
ture. it also becomes possible to. for instance restnet 
execution on the Java virtual machine 83 of a 1als.1.ed 
version of signature-added Java byte codes. 

in the embodiment of Fig. 4, it is necessary to take 



a measure to allow only the virtual machne input control 
Section 104 to input Java byte codes to the Java v.rtual 
machine 83. Further, it is desirable to take a measure to 
Xw only the decoding section 84 to input pubhezed 
£ kev-A to the signature checking section 103. 

V lus noted Lt Java byte codes themselves ex* .n 
thecasewhereasignature is added to Java bytecodes. 
unlike the case where Java byte codes are encrypted 
Therefore in a program execution system that does not 
,o Seek the legitimacy of a signature (for example, .n a 
nrooram execution system in which Java byte codes as 

Java virtual machine 83), Java byte codes can be tiler 
preted and executed without any limitations. 
P Conversely, in the case where a s.gna Jir. » -d*d 
to Java byte codes, a developer and a seller of a Java 
vyualmachm 

as implemented in the user terminal 33. and l.ke part.es 
n^SSjure a program execution system as shown .n 
» Fig 4 A party who does not want to restrict the execu- 
tion of Java byte codes may configure a program ^exe- 
cutfon system in which the legitimacy of a s.gnature is 

n0t< i h n e the e embodiment of Fig. 10, the program 
S S cate authority provides a P W m "^^S 
software (i.e.. a program for caus.ng the use. ^ terminal 
33 to function as a program execution system) o users 
in such a manner that it can be implemented .n the user 
terminal 33 as it is. This program execution system may 
so S be provided in such a manner that it .s encrypted 
or^signature isaddedtoit. like an app.icat.on program 
provided by a software developer. 
P For example, where the program certificate author- 
ity provides users with a program execution system in 
35 whfch a signature is added, the program ^f "te a u 
thority server 32 executes a process accord.ng to a flow 

Ch Tth?case. in the program certificate authority 
server 32. first, at step S31 . the CPU 51 compiles .pro- 
40 gram as a program execution system .nto codes (here 
Saner relerred to as "execution codes" where appropn- 
Tte that can be executed by the CPU 61 of the use 
te rnlna. 33. At step S32, the CPU 51 
from the execution codes that were obtained by the 
45 compilation at step S31 , for instance, in , the ^manne de- 
scribed above in connection with F.g. 15. The process 
then goes to step S33, where the CPU 51 encrypts the 
dioest that was generated at step S32 by us.ng, for .n- 
s ance secret key-B that is used lor encrypfng pub,, 

so Szed key-A, to generate a -H^r*^ ff££l 

ai cipn S34 the digital signature is added to the execu 
Jon c^executfon cod'es to which a digital signature 
l added are hereinafter referred to as "signature-added 
execute codes" where appropriate) and the signature- 
ss added byte codes are stored in the auxiliary storage de- 
vice 56 so as to be correlated with publ.cat.on key-B that 
is paired with secret key-B that was used ,n generat.ng 
the signature. The process is then f.n.shed. 
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Fig 20 shows an example of functional configura- 
tion of a loader (program execution system implemen- 
tation apparatus) for implementing a program execution 
system of the above type to which a signature is added 
(signalure-added execution system) in the user terminal 
33 

' In this embodiment, the loader is constituted of an 
input section 1 1 1 . a message digest system 1 1 2, a sig- 
nature checking section 113. and an execution system 
114 The input section 111 . the message digest system 
11 2 and the signature checking section 11 3 are config- 
ured in the same manner as the input section 101 . the 
message digest system 1 02. and the signature check.ng 
section 103 of Fig. 4. respectively. The execution sys- 
tem 114 corresponds to those sections ol the user ter- 
minal 33 which include the CPU 61 and interpret and 
execute execution codes. 

in the above-configured loader, the input section 
1 1 1 acquires signature-added execution codes and pub- 
licized key-B. Then, the input section 111 separates the 
signature-added execution codes into a signature and 
execution codes, and supplies the signature to the sig- 
nature checking section 1 1 3 and the execution codes to 
the message digest system 11 2 and the execut.on sys- 
tem 114. Further, the input section 111 supplies publi- 
cized key-B to the signature checking section 113. 

The message digest system 1 1 2 generates a digest 
Irom the execution codes that are supplied from the in- 
put section 111 and supplies the generated digest to the 
signature checking section 113. The signature checking 
section 1 1 3 decodes the signature that is supplied from 
the input section 111 into a digest by using publicized 
key-B that is supplied from the input section 111 Fur- 
ther, the signature checking section 113 compares the 
digest obtained by the decoding with the digest thai is 
suppliedfromthemessagedigest system 112, and judg- 
es the legitimacy ol the signature that is supplied from 
the input section 111 based on whether the two digests 
coincide with each other. 

If the legitimacy of the signature has been affirmed, 
that is. if the digest obtained by decoding the signature 
coincides with the digest supplied from the message di- 
gest system 112, the signature checking sertion 113 
controls the execution system 114 so that it interprets 
and executes the Java byte codes that are supplied from 
the input section 111. In this case, the execution system 
114 interprets and execules the execution codes that 
are supplied from the input section 111 under the control 
ol the signature checking section 11 3. 

On the other hand, if the legitimacy of the signature 
has not been affirmed, that is, il the digest obtained by 
decoding the signature does not coincide with the digest 
supplied from the message digest system 112, the sig- 
nature checking section 1 1 3 controls the execution sys- 
tem 114 so that the Java byle codes that are supplied 
from the input section 111 are disregarded. In this case, 
the execution system 114 disregards the execution 
codes that are supplied 1rom the input section 111 and 



hence executes no process under the control of the sig- 
nature checking section 11 3. 

As described above, in the case where a signature 
is added to a program execution system, its lalsrfication 
s or the like can be prevented. ■ 
As described above, a program execut.on system 
can be encrypted, in which case reverse engineering on 
the program execution system can be prevented. 

When the legitimacy of the signature that is added 
10 to the program execution system has been affirmed, the 
execution system 114 interprets and executes the exe- 
cution codes that are suppliedfrom the. nputsect.on 111 

as described above. As a result, for example, a program 
execution system similar to the program execut.on sys- 
is tern that is implemented in the case of Fig. 4 .s .mpte- 
mented in the userterminal 33as shown in Fig. 21 How- 
ever, in this case, publicfced key-B is supplied to a de- 
coding section 84 from the input section 111 of the load- 
er of Fig 20 rather than from an input section 101 . 
eo Incidentally, considerable time is needed to en- 
crypts a program having a relatively large information 
quantity such as an application program or a program 
of a program execution system according to a publ.czed 
key encryption scheme such as the RSA scheme, or to 
2S decode its encrypted version. In contrast, encrypt.on/ 
decoding according to a common key encrypt.on 
scheme such as the DES scheme allows even a pro- 
gram having a large information to be J proc- 
essed in a relatively short time. On the other hand the 
30 RSA scheme causes no problem even .f a publ.c.zed 
key to be used for decoding is rendered open to the pub- 
lic as described above because the publicized key is ef- 
ferent from a secret key to be used for encrypt.on. How- 
ever in the DES scheme, since a common key is used 
ss for encryption and decoding, it is necessary to manage 
the common key strictly so that it does not come to be 
known to parties other than the parties concerned- 

In view of the above, a technique may be employed 
which allows encryption and decoding processes to be 
40 executed in a short time as well as facilitates key man- 
agement. Specifically, the DES scheme is employed to 
encrypt a program having a relatively large .nformafon 
quantity such as an application program and a common 
key that is used for the DES scheme encrypt.on .s en- 
4S crypted according to the RSA scheme. (An ^ncrypt.on 
technique in which the DES scheme and the RSA 
scheme are combined with each other will be here.nafter 
referred to as "combination scheme.*) 

Fiq 22 shows an example of functional conf.gura- 
so tion of the software developer server 31 in a case where 
encryption is performed according to a comb.nat.on 

Java byte codes that have been obtained by com- 
piling an application program with a Java comp.ler are 
ss E, pu ?to an encryptor 121. In addttion to the Java , byte 
codes, a common key is input to the encryptor 121 In 
the encryptor 121, the Java byte codes are encrypted 
into encrypted byte codes (encrypted sentence) by us- 
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ing the common key according to the DES scheme, for 

instance. , 

The common key that is input to the encryptor 121 
is also input to an encryptor 122. The encryptor 122 
which is to perform encryption according to the RSA 
scheme, tor instance, encrypts the common key by us- 
ing secret key-A. 

In this case, a soltware developer distributes to us- 
ers a set of encrypted byte codes, a common key that 
was encrypted by using secret key-A (hereinatter re- 
ferred to as "encrypted common key" where appropri- 
ate). and an encrypted publicized key-A that was ac- 
quired from the program certificate authority. 

Fig 2 shows an example of functional configuration 
of a program execution system to be implemented in the 
user terminal 33 in a case where the encryption of an 
application program is performed according to a combi- 
nation scheme. The components in Fig. 2 having the 
corresponding components in the program execution 
system ol Fig. 1 are given the same reference numerals 
as the latter and descriptions therelor will be omitted 
where appropriate. 

A decoding section 1 31 decodes an encrypted com- 
mon key according to the RSA scheme, tor instance, 
and supplies a common key as a decoding result to a 
decoding section 132. The decoding section 132 de- 
codes encrypted byte codes according lo ihe DES 
scheme, for instance. 

in the above-configured program execution system, 
an input section 81 acquires an encrypted byte codes 
(encrypted Java byte codes), an encrypted common 
key, an encrypted publicized key-A. and publicized key- 
B Then, the input section 81 supplies the encrypted 
publicized key-A and publicized key-B to a decoding 
section 84. supplies the encrypted common key to the 
decoding section 131, and supplies the encrypted byte 
codes to the decoding section 1 32. 

As described above, the decoding section 84 de- 
codes the encrypted publicized key-A into publicized 
key-A by using the publicized key-B, and supplies the 
resulting publicized key-A to the decoding section 131. 
The decoding section 1 31 decodes the encrypted com- 
mon key that is supplied from the input section 81 into 
a common key by using publicized key-A that is supplied 
from the decoding section 84, and supplies the resulting 
common key to the decoding section 1 32. The decoding 
section 1 32 decodes the encrypted byte codes that are 
supplied from the input section 81 into Java byte codes 
by using the common key that is supplied from the de- 
coding section 1 31 , and supplies the resulting Java byte 
codes to a Java virtual machine 83. 

The above-described combination scheme makes 
it possible to simplify the key management and increase 
the processing speed of encryption and decoding. 

The combination scheme can be applied to not only 
the case of encrypting an application program but also 
a case of encrypting a program (execution codes) ol a 
program execution system and other cases. 



The invention can be applied to not only Java virtual 
machines ol both of ihe above-mentioned interpreter- 
type and JIT compiler type, but also virtual machines 
other than the Java virtual machine. The invent.on can 
s even be applied lo a case where input to a program ex- 
ecution system is made through machine codes as in 
the case of a processing system of the C language or 
,he C ++ language, and to a case where input to a pro- 
qram execution system is made through source codes 
„ f s t the case of a processing system of the Basic lan- 

Although only a single program execution system 
is provided in the embodiments of Figs. 1 and 4 the pro- 
gram execution system can be provided in , pluralrty nn 
,5 The user terminal 33. This will be exemplified below. 
Where a plurality of input sections 81 or 101 are provid- 
Td an encrypted sentence or signature-added byte 
Ses can bTinput from a plurality of paths. Where a 
plurality of decoding sections 82 and/or 84 are > provided^ 
20 an encrypted sentence can be decoded according to a 
plurality^ decoding algorithms. Where a pluraMy of 
Save virtual machines 83 are provided it is possible to 
support a plurality of Java byte code formats. Further 
where a plurality ol message digest systems 102 and a 
25 plurality of signature checking sections 103 are provid- 
ed it te pcssbl. to check a plurality of signatures that 
have been added according to a plurality of techniques. 

reSP Miough in the above embodiments encryption or 
3 o signature generation is performed by us.ng a single key. 
it may be performed by using a plurality of keys. For ex- 
ample, encrypting operations may be performed se- 
quentially by using a plurality of keys and s.gnatu es 
Ly be generated in a number equal to the number of 

35 keyS |'n the above embodiments, Java byte codes may 
be of any ol a number of lorms such as Java Application, 
Java Applet, Java Benas, and Java Class Library 

in the information processing apparatus according 
40 to the first aspect of the present invention and the infor- 
mation processing method according to the second as- 
pect of me present invention, an encrypted version of a 
first key that is necessary to decode an encrypted ver- 
sion of a program is decoded by us.ng a second key 
45 and the encrypted version of the progranr ' '^ecoded by 
usingthe first key that is obtained through the decoding 
The program that is obtained by the decoding is then 
executed. On the recording medium according to the 
third aspect of the present invention, a program for ca us- 
ao ing a computer to decode, by using a second key, an 
encrypted version of a first key that is necessary to de- 
code an encrypted version o1 a program, decode the en- 
crypted version ol the program by using the first key that 
is obtained through the decoding, and execute the pre- 
ss gram that is obtained by the decoding is recorded^ 
Therefore, it becomes possible to allow execution o1 i a 
program onry when a first key and the program have 
been decoded. 
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In the information processing apparatus according 
to the fourth aspect ol the present invention and the in- 
formation processing method according to the fifth as- 
pect of the present invention, a program » wpted 
into encypted sentences to be decoded into codes that 
can be executed by the information processing appara- 
tus according to the f irst aspect ot the present invention 
On the recording medium according to the sixth aspect 
of the present invention, a program being encrypted into 
encrypted sentences to be decoded into codes that can »o 
be executed by the information processing apparatus 
according to the first aspect of the present invention « 
recorded. Therelore, it becomes possible to provide an 
encrypted program that can be executed by the infor- 
mation processing apparatus according to the first as- 
pect of the present invention. 

I n the information processing apparatus according 
to the seventh aspect of the present invention and the 
information processing method according to the eighth 
aspect of the present invention, an encrypted version of 
a first key to be used in checking a signature that is add- 
ed to a program is decoded by using a second key, and 
it is checked, by using the first key that i» obtained 
through the decoding, whether the signature that is add- 
ed to the program is legitimate. The program is executed 
only when it is affirmed to be legitimate. On the recording 
medium according to the ninth aspect of the present in- 
vention, a program for causing a computer to decode 
by using a second key. an encrypted version of a first 
key to be used in checking a signature that is added to 
a program, check, by using the first key that obtained 
through the decoding, whether the signature that is add- 
ed to the program is legitimate, and execute the program 
only when it is affirmed to be legitimate is recorded^ 
Therefore, it becomes possible to allow execution of a 
program only when a signature that is added to the pro- 
gram is legitimate. 

In the information processing apparatus according 
to the tenth aspect ol the present invention and the in- 
formation processing method according to the eleventh 
aspect of the present Invention, a program is processed 
so that a signature will be affirmed to be legitimate in the 
information processing apparatus according to the sev- 
enth aspect of the present invention. On the recording 
medium according to the twelfth aspect of the present 
invention, a program having been processed so that a 
signature will be affirmed to be legitimate in the informa- 
tion processing apparatus according to the seventh as- 
pect of the present invention is recorded. Therefore, it 
becomes possible to provide a program that has been 
processed so as to be executable by the information 
processing apparatus according to the seventh aspect 
of the present invention. 



Claims 

1. An information processing apparatus which exe- 



3. 



cutes a process for executing a program, compris- 
ing: 

first key decoding means lor decoding, by using 
a second key, an encrypled version ot a first key 
that is necessary to decode an encrypted ver- 
sion of the program; 

program decoding means for decoding the en- 
crypted version of the program by using the first 
key that is obtained through decoding by the 
first key decoding means; and 
executing means tor executing the program 
that is output from the program decoding 
means. 

The information processing apparatus according to 
' claim 1, further comprising second key decod.ng 
means lor decoding, by using a third key, an en- 
crypted version ot the second key in a case where 
the second key is encrypted. 

The information processing apparatus according to 
claim 2, wherein: 

the first key is a common key that was used 1or 
encrypting the program according to a common 
key encryption scheme; 
the second key is a publicized key correspond- 
ing to a secret key that was used tor encrypting 
the first key according to a common key encryp- 
tion scheme; and 

the third key is a publicized key correspond ng 
to a secret key that was used for encrypting the 
second key according to a common key encryp- 

tion scheme. 

The information processing apparatus according to 
claim 1 , wherein the program decoding means de- 
codes the encrypted version of the program by us- 
ing a plurality of first keys. 

An information processing method for executing a 
process tor executing a program, comprising the 
steps of: 

decoding, by using a second key. an encrypted 
version of af.rst key that is necessary to decode 
an encrypted version of the program; 
decoding the encrypted version of the program 
by using the first key that is obtained through 
the decoding, and 
executing the program that is obtained by the 

decoding. 

ss 6 A recording medium on which a program is record- 
ed, the program being for causing a computer to. 

decode, by using a second key. an encrypted 
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version of a f irst key that is necessary to decode 
an encrypted version of a program; 
decode the encrypted version of the program 
by using the first key that is obtained through 
the decoding; and 

execute the program that is obtained by the de- 
coding. 

7. An information processing apparatus which exe- 
cutes a program, comprising encrypting means for 
encrypting the program into encrypted sentences to 
be decoded into codes that can be executed by the 
information processing apparatus according to 
claim 1 . 

8 An information processing method lor executing a 
program, comprising the step of encrypting the pro- 
gram into encrypted sentences to be decoded into 
codes that can be executed by the information 
processing apparatus according to claim 1 . 

9 A recording medium on which a program is record- 
ed, the program being encrypted into encrypted 
sentences to be decoded into codes that can be ex- 
ecuted by the information processing apparatus ac- 
cording to claim 1. 

10. An information processing apparatus which exe- 
cutes a process lor executing a program, compris- 
ing: 

executing means for executing the program; 
key decoding means lor decoding, by using a 
second key, an encrypted version of a first key 
to be used in checking a signature that is added 
to the program; 

checking means for checking, by using the first 
key that is obtained through decoding by the 
key decoding means, whether the signature 
that is added to the program is legitimate; and 
supplying means for supplying the executing 
means with the program that has been affirmed 
to be legitimate by the checking means and to 
which the signature is added. 

11. An information processing method for executing a 
process for executing a program, comprising the 
steps of: 

decoding, by using a second key, an encrypted 
version of a first key to be used in checking a 
signature that is added to the program; 
checking, by using the first key that is obtained 
through the decoding, whether the signature 
that is added to the program is legitimate; and 
executing the program only when it is affirmed 
to be legitimate. 



12. A recording medium on which a program is record- 
ed, the program being for causing a computer to: 

decode, by using a second key, an encrypted 
version of a first key to be used in checking a 
signature that is added to a program; 
check, by using the first key that is obtained 
through the decoding, whether the signature 
that is added to the program is legitimate; and 
execute the program only when it is affirmed to 
be legitimate. 

13 An information processing apparatus which exe- 
cutes a program, comprising processing means tor 
processing the program so that a signature w.ll be 
affirmed to be legitimate in the information process- 
ing apparatus according to claim 10. 

14 An information processing method for executing a 
program, comprising the step of processmgthe pro- 
gram so that a signature will be affirmed to be legit- 
imate in the information processing apparatus ac- 
cording to claim 10. 

15 A recording medium on which a program is record- 
ed the program having been processed so that a 
signature will be affirmed to be legitimate in the in- 
formation processing apparatus according to claim 
10. 



35 



40 



45 



SO 



55 



17 



EP 0 875 814 A2 



(3 




18 



EP0 875 814 A2 



C\J 

b 




19 



EP0 875 814 A2 



FIG.3 

( START ) 



COMPILE APPLICATION PROGRAM — S6 



I 



ENCRYPT JAVA BYTE CODES BY L_ s7 
USING SECRET KEY-A 



STORE ENCRYPTED BYTE CODES 

TOGETHER WITH ENCRYPTED |~S8 
PUBLICIZED KEY-A 



( END ) 



20 



EP 0 875 814 A2 




m 

> 
ID 

Q 
LU 
M 

g 
_i 

CD 
D_ 



, < CO 
LU > LU 
LT < O 

zuljlu 

CO<cQ 




qo 

LU LU 

tr Zi lu 

LU Q- 



21 



EP0 875 814 A2 



FIG.5 



1 




COMPILE APPLICATION PROGRAM f 






GENERATE DIGEST | 






GENERATE DIGITAL SIGNATURE 
BY USING SECRET KEY-A 






STORE SIGNATURE-ADDED BYTE 
CODES TOGETHER WITH ENCRYPTED 
PUBLICIZED KEY-B 







S22 



S23 



S24 



( END } 



22 



EP0 875 814 A2 



FIG.6 



i— 4 



CENTRAL 
PROCESSING 
UNIT 

3 H — I REGISTER - 



0 
1 



11 



13 

_J_ . 

REGISTER 



14 



0 
1 



100 



100 
200 



23 



EP0 875 814 A2 



FIG.7 



1 

JAVA LANGUAGE 
PROGRAM 



JAVA 
COMPILER 



21 



JAVA BYTE CODES^j 



VIRTUAL 
MACHINE 



■11 



MACHINE 
LANGUAGE CODES 



FIG.8 



Move #125, register 13 



JAVA BYTE CODE 
•INSTRUCTION 
(MNEMONIC) 



VIRTUAL 
MACHINE 



•11 



Move #125, register 3 



MACHINE 
LANGUAGE 
INSTRUCTION 
(MNEMONIC) 



24 



EP 0 875 814 A2 



FIG.9A 



FIG.9B 



EXECUTION 
RESULT IN ACTUAL 
COMPUTER 



EXECUTION RESULT 
AS VIEWED FROM 
JAVA VIRTUAL 
MACHINE 



3 
125 



13 
125 



25 



EP 0 875 814 A2 



CC 
O 
X 
\— 
ZD 
< 

UJ 

O 
LL 

\— 
CC 
HI 

o 



< 
cr 
O 
O 




26 



EP0 875 814 A2 



FIG.11 




41 



INPUT SEC. 



-N 
V 



OUTPUT 
SEC. 



<S=0 



AUXILIARY 
STORAGE 
DEVICE 



COMMUNICATION 
CONTROL SEC. 



— 47 



27 



EP 0 875 814 A2 



FIG. 12 




AUXILIARY 
STORAGE 
DEVICE 



— 56 



COMMUNICATION 
CONTROL SEC. 



57 



28 



EP0 875 814 A2 



FIG.13 




COMMUNICATION 
CONTROL SEC. 



— 67 



29 



EP 0 875 814 A2 



< Z 
5 LU 

CC K 

oz 

Z LU 
C/) 



CM 
f- 



tr 




LU 




o 




O 




o 




LU 




Q 





LL 



>- 

LU 

Q 
LU 

o 

__J 
CD 




LU 

<z 

2 LU 
CC H 

oz 

Z LU 



30 



EPO 875 814 A2 




31 



EP0 875 814 A2 



FIG. 16 

( START ) 



TRANSMIT 
PUBLICIZED 
KEY-A 



S1 



NO/ ENCRYPTED PUBLICIZED KEY-A 
HAS BEEN TRANSMITTED? 



YES 



RECEIVE ENCRYPTED 
PUBLICIZED KEY-A 



S3 



STORE EN 
PUBLICIZE 


ICRYPTED 
ED KEY-A 







S4 



C END ) 



32 



EP0 875 814 A2 



FIG. 17 

( START ) 



NO 



HAS PUBLICIZED KEY-A BEEN 
TRANSMITTED? 



S11 



YES 




REGULAR SOFTWARE DEVELOPER? 



NO 



YES 



S14- 



S15- 



EN CRYPT PUBLICIZED 
KEY-A BY USING 
SECRET KEY-B 



S13 



i 



TRANSMIT ENCRYPTED 
PUBLICIZED KEY-A • 



TRANSMIT MESSAGE 
TO THE EFFECT 

THAT CERTIFICATION 
CANNOT BE 
PERFORMED 



( END } 



33 



EP 0 875 814 A2 



oo 



LU 
J— 
C/D 
>- 
CO 



00 Q 

o § 

U_ LU 



< 

cc 
o 
o 
cc 

Q_ 



o 
z 

o b 

O LU 
Q CO 
LU 
O 



CD 

> 
LU 

Q 
LU 
M 

o 

_l 

CD 



00 



SEC. 




O 
z 

o d 


INPUT 




O LU 
QCO 
LU 
Q 



C\J 
00 



< 

I 

> 

LU 

Q 
LU 
N 

g 
_j 

CD 
ZD 
D. 




co 

CO 





— I LU 


< 


< z 


> 




< 


11 




>2 



L_. 



m LU 

CD 



LU 



Q Q 
LU UJ 

M < 

O m ^ 
UJ CL 



34 



EP0 875 814 A2 



FIG.19 

C START ) 







COMPILE PROGRAM 


EXECUTION SYSTEM 



GENERATE DIGEST FROM 
EXECUTION CODES 



GENERATE DIGITAL SIGNATURE BY 
USING SECRET KEY-B 



STORE SIGNATURE-ADDED EXECUTION 
CODES TOGETHER WITH PUBLICIZED KEY-B 



S31 



S32 



S33 



•S34 



C END ) 



35 



EP0 875 814 A2 




O 
UJ 
M 

g 
i 

CD 
ZD 
Q- 



o 

CO 



g 

CO 



36 



EP0 875 814 A2 





CD 
Z 

O 



CO 
00 



■ I D-t UJ 



|<*=o 

> s o 



CO 











AVA 


< z 

11 


-5 






>5 



.J 



37 



EP 0 875 814 A2 



CM 
CM 



Q 
LU 

t 

>- 

DC 

o 
z 

UJ 



UJ 

o 
z 

UJ 



UJ 
CO 



Q 
UJ 
I- 
Ql 
>- 
CC 

o 
z 

LU 



>- 

LU 

Z 

o 



o 
o 



cvi 



CVI 








ENCRYPTOR 
(RSA) 







UJ 



UJ 

cc 

O 
UJ 

CO 



CO 
LU 
Q 
O 
O 

LU 



CD 

< 
> 
< 

-3 



LU 
Z 

o 



o 
o 



38 



